line209.xyz
Open in
urlscan Pro
103.231.167.206
Malicious Activity!
Public Scan
Submission Tags: [phishing]
Submission: On February 26 via api from JP — Scanned from JP
Summary
TLS certificate: Issued by R3 on February 22nd 2022. Valid for: 3 months.
This is the only time line209.xyz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Line (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
10 | 103.231.167.206 103.231.167.206 | 64050 (BCPL-SG B...) (BCPL-SG BGPNET Global ASN) | |
10 | 1 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
10 |
line209.xyz
line209.xyz |
66 KB |
10 | 1 |
Domain | Requested by | |
---|---|---|
10 | line209.xyz |
line209.xyz
|
10 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
line576.xyz R3 |
2022-02-22 - 2022-05-23 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://line209.xyz/
Frame ID: A1B67F78BFD1271F7094E03EABFB9694
Requests: 10 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
10 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
line209.xyz/ |
3 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
common.css
line209.xyz/static/line/Line/CSS/ |
396 B 599 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
common.js
line209.xyz/static/line/Line/JS/ |
4 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ajax.js
line209.xyz/static/line/Line/JS/ |
1013 B 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
alert.css
line209.xyz/static/line/Line/CSS/ |
5 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
line209.xyz/static/line/Line/JS/ |
91 KB 36 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
alert.js
line209.xyz/static/line/Line/JS/ |
6 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
riicon.png
line209.xyz/static/line/Line/image/ |
11 KB 11 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
kaishi.png
line209.xyz/static/line/Line/image/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
6.gif
line209.xyz/static/line/Line/image/ |
8 KB 8 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Line (Online)26 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| structuredClone function| openZhezhao function| closeZhezhao function| openMssage function| closeMssage function| toPage function| encodeBianMa function| decodeJieMa function| checkNullLength function| checkNull function| checkLength function| booleToInt function| checkZhenshu function| checkFloat function| onkeypressFloat function| onkeyupFloat function| onblurFloat function| returnPage undefined| xmlHttpRequest function| createXmlHttpRequest function| ajax function| $ function| jQuery function| jqueryAlert function| doLogpage function| gogo2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
line209.xyz/ | Name: think_var Value: ja-jp |
|
line209.xyz/ | Name: sfba4deee Value: pgd5enc31pa6669nasg2o9k430 |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
line209.xyz
103.231.167.206
3760ec5b9e86eeaa73b3647ce49647580784b153d4a735c9431ec90149cec6a5
8004a949a3ff93a7de69857b8ef25ebf3564a942991d014339a125dd94432894
98bedf884fd3400f0dbe98be7b3dfedbe60b16d8a39bf320ce9dfbc73999f44b
9b4984d9db940b0b680b6cf18c38c5ae58fd6642986ac5a15b3e204fff3a01b9
a2661b760e30f7a9cef9e98585be87d46c8e264e1f2c4d69445945f0cbf904fe
aec878841749ab41fae5812d57f6ecc4b44570e41b71b77f1e8a65da395f4eb7
b31778c9bd0482837ef6aad52908888f86b499041b287576b7ccd9d3edcfa312
b6a7031f9a34f1d26bde1c9af93ac324b631f1ca4f30bd496a02c386373cda3d
c1bcc5f2066e4476e6dbab0b5a9b9700b86f4d6ebeb2900d73ee97e53753d4f9
cb2af2c6dae1f3e9848e721807e6d40da02a1ff8b28972deb65eb605b5be7b22